Re: Can't even do an ls on a FTP server located on the WAN

On Wed, Feb 16, 2005 at 04:27:33AM -0700, jared r r spiegel wrote:
> On Wed, Feb 16, 2005 at 08:41:57AM +0100, Nicolas wrote:
> > 
> > 
> > The Debian machine does ftp masquerading, but I don't see anything
> > abnormal on that machine.
> > 
> > The error message on the bastion, in /var/log/daemon, is:
> > ftp-proxy[18326]: connect() failed (No route to host)
> > 
> > What host is that? From the bastion, there are no problems at all with
> > routes to the Debian machine or the FTP server...
>   don't know what host the destination was, but source was 
>   certainly [OBSD BASTION], so should be on the pflog on the 
>   bastion machine.  could watch a tcpdump on the pflog0 iface
>   while you try again and duplicate a failure; should show
>   the blocked addr/port pair that ends up being reported to 
>   /var/log/daemon.

I removed NAT on the Debian machine which is located between the ftp
client and the bastion.

I managed to ls the distant repertory! But that only happened once,
while I did not change anything on the configurations... :-/

I did a tcpdump when this message appears on the ftp client:

ftp> ls
227 Entering Passive Mode (192,168,14,26,202,213)
421 Service not available, remote server has closed connection

Here is the tcpdump output, on the external interface of the bastion:

00:48:29.873992 heb62004.ikoula.com > icmp: host
heb62004.ikoula.com unreachable - admin prohibited

heb62004.ikoula.com has the same IP as ftp.europephoto.com. heb62004 is
the server where, I suppose, my website and some others are hosted. is the Debian machine located between my client and the
openbsd bastion.
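
Added example, not part of the original message: a small Python decoder for the 227 reply shown above, which turns the six-number tuple into the address and port the client will use for the data connection and builds a pcap filter for watching that pair with tcpdump, as suggested in the quoted reply. The function names are hypothetical; the sample line is the one from the message.

```python
import ipaddress
import re

# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 passive-mode reply."""
    m = PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    addr = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # high byte, low byte
    if port == 0:
        raise ValueError("port 0 advertised in %r" % reply)
    return addr, port


def describe(reply):
    """Summarise the data-connection endpoint for troubleshooting."""
    addr, port = parse_pasv(reply)
    return {
        "address": str(addr),
        "port": port,
        # True for RFC 1918 space: such an address is only reachable
        # from inside the network that owns it, not across the WAN.
        "private": addr.is_private,
        # pcap filter for the data connection attempt
        "capture_filter": "host %s and tcp port %d" % (addr, port),
    }


if __name__ == "__main__":
    # Reply line copied from the message above
    sample = "227 Entering Passive Mode (192,168,14,26,202,213)"
    for key, value in describe(sample).items():
        print("%-15s %s" % (key, value))
```
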
